Question No: 301 – (Topic 3)

A team of security engineers has applied regulatory and corporate guidance to the design of a corporate network. The engineers have generated an SRTM based on their work and a thorough analysis of the complete set of functional and performance requirements in the network specification. Which of the following BEST describes the purpose of an SRTM in this scenario?

To ensure the security of the network is documented prior to customer delivery

To document the source of all functional requirements applicable to the network

To facilitate the creation of performance testing metrics and test plans

Question No: 302 – (Topic 3)

A company has a single subnet in a small office. The administrator wants to limit non-web-related traffic to the corporate intranet server as well as prevent abnormal HTTP requests and HTTP protocol anomalies from causing problems with the web server. Which of the following is the MOST likely solution?

Application firewall and NIPS

Edge firewall and HIDS

ACLs and anti-virus

Host firewall and WAF

Answer: D

Question No: 303 – (Topic 3)

A university uses a card transaction system that allows students to purchase goods using their student ID. Students can put money on their ID at terminals throughout the campus. The security administrator was notified that computer science students have been using the network to illegally put money on their cards. The administrator would like to attempt to reproduce what the students are doing. Which of the following is the BEST course of action?

Notify the transaction system vendor of the security vulnerability that was discovered.

Use a protocol analyzer to reverse engineer the transaction system’s protocol.

Contact the computer science students and threaten disciplinary action if they continue their actions.

Install a NIDS in front of all the transaction system terminals.

Answer: B

Question No: 304 – (Topic 3)

A newly appointed risk management director for the IT department at Company XYZ, a major pharmaceutical manufacturer, needs to conduct a risk analysis regarding a new system which the developers plan to bring online in three weeks. The director begins by reviewing the thorough and well-written report from the independent contractor who performed a security assessment of the system. The report details what seems to be a manageable volume of infrequently exploited security vulnerabilities. The director decides to implement continuous monitoring and other security controls to mitigate the impact of the vulnerabilities. Which of the following should the director require from the developers before agreeing to deploy the system?

An incident response plan which guarantees response by tier two support within 15 minutes of an incident.

A definitive plan of action and milestones which lays out resolutions to all vulnerabilities within six months.

Business insurance to transfer all risk from the company shareholders to the insurance company.

A prudent plan of action which details how to decommission the system within 90 days of becoming operational.

Answer: B

Question No: 305 – (Topic 3)

Due to cost and implementation time pressures, a security architect has allowed a NAS to be used instead of a SAN for a non-critical, low volume database. Which of the following would make a NAS unsuitable for a business critical, high volume database application that required a high degree of data confidentiality and data availability? (Select THREE).

File level transfer of data

Zoning and LUN security

Block level transfer of data

Multipath

Broadcast storms

File level encryption

Latency

Answer: A,E,G

Question No: 306 – (Topic 3)

A security administrator is redesigning and implementing a service-oriented architecture to replace an old in-house software processing system tied to a corporate sales website.

After performing the business process analysis, the administrator decides the services need to operate in a dynamic fashion. The company has also been the victim of data injection attacks in the past and needs to build in mitigation features. Based on these requirements and past vulnerabilities, which of the following needs to be incorporated into the SOA?

Point to point VPNs for all corporate intranet users.

Cryptographic hashes of all data transferred between services.

Service to service authentication for all workflows.

Two-factor authentication and signed code.

Answer: C

Question No: 307 – (Topic 3)

A database administrator comes across the following records in one of the databases during an internal audit of the payment system:

From a security perspective, which of the following should be the administrator’s GREATEST concern, and what will correct the concern?

Concern: Passwords are stored in plain text. Correction: Require a minimum of 8 alphanumeric characters and hash the password.

Concern: User IDs are also usernames, and could be enumerated, thereby disclosing sensitive account information. Correction: Require user IDs to be more complex by using alphanumeric characters and hash the UserIDs.

Concern: More than four digits within a credit card number are stored. Correction: Only store the last four digits of a credit card to protect sensitive financial information.

Answer: A

Question No: 308 – (Topic 3)

An architect has been engaged to write the security viewpoint of a new initiative. Which of the following BEST describes a repeatable process that can be used for establishing the security architecture?

Inspect a previous architectural document. Based on the historical decisions made, consult the architectural control and pattern library within the organization and select the controls that appear to best fit this new architectural need.

Implement controls based on the system needs. Perform a risk analysis of the system. For any remaining risks, perform continuous monitoring.

Classify information types used within the system into levels of confidentiality, integrity, and availability. Determine minimum required security controls. Conduct a risk analysis. Decide on which security controls to implement.

Perform a risk analysis of the system. Avoid extreme risks. Mitigate high risks. Transfer medium risks and accept low risks. Perform continuous monitoring to ensure that the system remains at an adequate security posture.

Answer: C

Question No: 309 – (Topic 3)

The marketing department at Company A regularly sends out emails signed by the company’s Chief Executive Officer (CEO) with announcements about the company. The CEO sends company and personal emails from a different email account. During legal proceedings against the company, the Chief Information Officer (CIO) must prove which emails came from the CEO and which came from the marketing department. The email server allows emails to be digitally signed and the corporate PKI provisioning allows for one certificate per user. The CEO did not share their password with anyone. Which of the following will allow the CIO to state which emails the CEO sent and which the marketing department sent?

Identity proofing

Non-repudiation

Key escrow

Digital rights management

Answer: B

Question No: 310 – (Topic 3)

A morphed worm carrying a 0-day payload has infiltrated the company network and is now spreading across the organization. The security administrator was able to isolate the worm communication and payload distribution channel to TCP port 445. Which of the following can the administrator do in the short term to minimize the attack?

Deploy the following ACL to the HIPS: DENY – TCP – ANY – ANY – 445.

Run a TCP 445 port scan across the organization and patch hosts with open ports.

Add the following ACL to the corporate firewall: DENY – TCP – ANY – ANY – 445.

Force a signature update and full system scan from the enterprise anti-virus solution.